Description
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
Remediation
References
Related Vulnerabilities
WordPress Plugin Google Maps in Posts Cross-Site Scripting (1.5.3)
Internet Information Services Other Vulnerability (CVE-2003-0225)
Drupal Core 8.9.0 Remote Code Execution (8.9.0)
WordPress Plugin Internal Links Manager Unspecified Vulnerability (2.0.1)
WordPress Plugin Salon Booking System Cross-Site Scripting (7.9.3)